HEY YOU!!!, Our records indicate that you have never posted to our site before! Why not make your first post today by saying hello to our community in our new people forums. To access all the good good stuff you need to post, post, and post more.


Support Webrats Forum with your Subscription. Only $5.95 per month!
Adult lounge Access • Private Messaging • GAMES •
Please click here for more details • Please click here to subscribe
Go Back   WR > Community > Computers and Programming
Reload this Page Help Hijackthis results
User Name
Password
Register Help Desk Music Uploads Live Cams Arcade Upgrade Account Mark Forums Read
Reply
 
Thread Tools
Old 06-12-2004, 03:48 PM   #1
adoorisnotadoor
Guest
 
Posts: n/a/0
Threads:
Help Hijackthis results
click on one of our sponsors! OR REMOVE ADS
I have a Hijacker that can't be fixed by Spyware Doctor, Spybot, Ad-aware 6.0 and Norton virus scan. I did run Hijackthis and these are my results. What do I do?

Logfile of HijackThis v1.97.7
Scan saved at 3:40:14 PM, on 6/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\inetsrv\services.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\msupdate.exe
C:\WINDOWS\inetsrv\s.exe
C:\Documents and Settings\JimJim\Application Data\heds.exe
C:\WINDOWS\System32\wapiit.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Documents and Settings\JimJim\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pggkko.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pggkko.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pggkko.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pggkko.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pggkko.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pggkko.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://security.kolla.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=C:\WINDOWS\inetsrv\services.exe
O1 - Hosts: 198.65.164.168 00hq.com
O1 - Hosts: 198.65.164.168 8ad.com
O1 - Hosts: 198.65.164.168 searchv.com
O1 - Hosts: 198.65.164.168 www.searchv.com
O1 - Hosts: 198.65.164.168 008k.com
O1 - Hosts: 198.65.164.168 www.008k.com
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {C993AD17-CB16-4E2C-8D85-D1BCFBD5C72B} - C:\WINDOWS\System32\pggkko.dll
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\JimJim\Application Data\syslw\syslw.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\JimJim\Application Data\syslw\ipid.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\JimJim\Application Data\syslw\mfczd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [MSConfig Manager] C:\WINDOWS\msupdate.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\services.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
O4 - HKLM\..\Run: [ist service uninstall x] C:\WINDOWS\inetsrv\s.exe /u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSConfig Manager] C:\WINDOWS\msupdate.exe
O4 - HKCU\..\Run: [Tema] C:\Documents and Settings\JimJim\Application Data\heds.exe
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapiit.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\sdkqh32.dll,Install
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: www.mt-download.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - ms-its:mhtml:file://C:\ss.MHT!http://www.traffichog.com/chm.chm::/files/initial.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8080.2449189815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/506908.exe
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs...her/MotUtil.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Submit to Clesto Submit to Digg Submit to Reddit Submit to Furl Submit to Del.icio.us Submit to Spurl | quote |
Sponsored Links
REMOVE ADS
Old 06-13-2004, 09:56 AM   #2
jessicaq
whore
 
 
Join Date: Jun 2004
Location: SoCal
Posts: 364/0.22
Threads: 0
FEMALE
Re: Help Hijackthis results
Personally, seeing you have AOL, I would format your harddrive. Ok, so you know I'm not a die hard aol fan. Visit pestpatrol.com and get their tool by the same name. We use this in our corporate environment and it works very very well. It's much better than spybot s&d and adaware. It has a cookie patrol that makes an annoying sound when it blocks a cookie, you can download the cookie silencer from their support area to turn the sound off for that item since it's not controllable from the options menu.
Jessica.
Submit to Clesto Submit to Digg Submit to Reddit Submit to Furl Submit to Del.icio.us Submit to Spurl | quote |
Old 06-14-2004, 08:09 AM   #3
adoorisnotadoor
Guest
 
Posts: n/a/0
Threads:
Re: Help Hijackthis results
Thank you Jessica. I figured out how to get rid of this trojan, but I will get the program you use. Spybot didn't recognise the problem at all. I used CWSHREDDER that worked. Thanks for the help. :rock:
Submit to Clesto Submit to Digg Submit to Reddit Submit to Furl Submit to Del.icio.us Submit to Spurl | quote |
Old 07-18-2004, 09:40 AM   #4
summersbreeze
whore
 
 
Join Date: May 2004
Location: Hotlanta
Posts: 82/0.05
Threads: 0
MALE
Re: Help Hijackthis results
housecall.antivirus.com got rid of my brother's problems when his browser was hijacked.
Submit to Clesto Submit to Digg Submit to Reddit Submit to Furl Submit to Del.icio.us Submit to Spurl | quote |
Reply

WR > Community > Computers and Programming
Reload this Page Help Hijackthis results
« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:

Powered by Waldo 12345678910 1213 14 15 Copyright © 2000-2005 Jelsoft Enterprises Limited.
Page generated in 1.91648197 seconds (96.51% PHP - 3.49% MySQL) with 13 queries
206.212.255.29 Message Boards and Forums Directory